el-contador 1.1.0 → 1.2.2

package/docker-compose.yml

@@ -1,5 +1,5 @@
 # Compose file format 3.8 for compatibility with docker-compose (v1) and docker compose (v2)
-version: "3.8"
+#version: "3.8"
 
 services:
   postgres:

package/frontend/README.md

@@ -0,0 +1,73 @@
+# React + TypeScript + Vite
+
+This template provides a minimal setup to get React working in Vite with HMR and some ESLint rules.
+
+Currently, two official plugins are available:
+
+- [@vitejs/plugin-react](https://github.com/vitejs/vite-plugin-react/blob/main/packages/plugin-react) uses [Babel](https://babeljs.io/) (or [oxc](https://oxc.rs) when used in [rolldown-vite](https://vite.dev/guide/rolldown)) for Fast Refresh
+- [@vitejs/plugin-react-swc](https://github.com/vitejs/vite-plugin-react/blob/main/packages/plugin-react-swc) uses [SWC](https://swc.rs/) for Fast Refresh
+
+## React Compiler
+
+The React Compiler is not enabled on this template because of its impact on dev & build performances. To add it, see [this documentation](https://react.dev/learn/react-compiler/installation).
+
+## Expanding the ESLint configuration
+
+If you are developing a production application, we recommend updating the configuration to enable type-aware lint rules:
+
+```js
+export default defineConfig([
+  globalIgnores(['dist']),
+  {
+    files: ['**/*.{ts,tsx}'],
+    extends: [
+      // Other configs...
+
+      // Remove tseslint.configs.recommended and replace with this
+      tseslint.configs.recommendedTypeChecked,
+      // Alternatively, use this for stricter rules
+      tseslint.configs.strictTypeChecked,
+      // Optionally, add this for stylistic rules
+      tseslint.configs.stylisticTypeChecked,
+
+      // Other configs...
+    ],
+    languageOptions: {
+      parserOptions: {
+        project: ['./tsconfig.node.json', './tsconfig.app.json'],
+        tsconfigRootDir: import.meta.dirname,
+      },
+      // other options...
+    },
+  },
+])
+```
+
+You can also install [eslint-plugin-react-x](https://github.com/Rel1cx/eslint-react/tree/main/packages/plugins/eslint-plugin-react-x) and [eslint-plugin-react-dom](https://github.com/Rel1cx/eslint-react/tree/main/packages/plugins/eslint-plugin-react-dom) for React-specific lint rules:
+
+```js
+// eslint.config.js
+import reactX from 'eslint-plugin-react-x'
+import reactDom from 'eslint-plugin-react-dom'
+
+export default defineConfig([
+  globalIgnores(['dist']),
+  {
+    files: ['**/*.{ts,tsx}'],
+    extends: [
+      // Other configs...
+      // Enable lint rules for React
+      reactX.configs['recommended-typescript'],
+      // Enable lint rules for React DOM
+      reactDom.configs.recommended,
+    ],
+    languageOptions: {
+      parserOptions: {
+        project: ['./tsconfig.node.json', './tsconfig.app.json'],
+        tsconfigRootDir: import.meta.dirname,
+      },
+      // other options...
+    },
+  },
+])
+```

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "el-contador",
-  "version": "1.1.0",
+  "version": "1.2.2",
   "description": "Bookkeeping and expense management – run with Docker",
   "keywords": [
     "bookkeeping",
@@ -26,7 +26,7 @@
     "server/index.js",
     "server/package.json",
     "server/package-lock.json",
-    "admin",
+    "frontend/dist",
     "docker-compose.yml",
     ".env.example",
     "README.md",

package/server/Dockerfile

@@ -1,4 +1,13 @@
-# Build from project root: docker build -f server/Dockerfile .
+# Build from project root: docker compose build (or docker build -f server/Dockerfile .)
+# Stage 1: build frontend
+FROM node:20-alpine AS frontend-builder
+WORKDIR /app/frontend
+COPY frontend/package.json frontend/package-lock.json ./
+RUN npm ci
+COPY frontend/ .
+RUN npm run build
+
+# Stage 2: backend + frontend dist
 FROM node:20-alpine
 
 WORKDIR /app
@@ -7,7 +16,7 @@ COPY server/package.json server/package-lock.json* ./
 RUN npm ci --omit=dev
 
 COPY server/ .
-COPY admin/ /admin/
+COPY --from=frontend-builder /app/frontend/dist/ /frontend/dist/
 
 EXPOSE 3000
 

package/server/README.md

@@ -34,6 +34,15 @@ Then set in `.env`:
 
 Point your subdomain at this app (reverse proxy to `http://127.0.0.1:3080` or your ADMIN_PORT). See the root README for an nginx example. First login with the email/password from step 2.
 
+### 413 Payload Too Large on file upload
+
+If users get **413** when uploading receipt images (e.g. on mobile), the request is being rejected by the **web server** (Apache/nginx) before it reaches Node, so the backend will not log the request.
+
+- **Apache**: In the vhost or `.htaccess`, set `LimitRequestBody` high enough (e.g. `LimitRequestBody 10485760` for 10MB). Default is often 1MB or less.
+- **nginx**: In server/location, set `client_max_body_size 10M;` (or higher). Default is 1M.
+
+The app allows uploads up to 10MB (expenses/sales); ensure the proxy limit is at least that.
+
 ## API (all under `/api`, require session except auth)
 
 - `POST /api/auth/login` – body: `{ email, password }`

package/server/db/init.js

@@ -67,6 +67,8 @@ async function init() {
     await pool.query("ALTER TABLE sales ADD COLUMN IF NOT EXISTS customer_address text");
     await pool.query("ALTER TABLE sales ADD COLUMN IF NOT EXISTS voided boolean NOT NULL DEFAULT false");
     await pool.query("ALTER TABLE sales ADD COLUMN IF NOT EXISTS voided_at timestamptz");
+    await pool.query("ALTER TABLE sales ADD COLUMN IF NOT EXISTS external_id text UNIQUE");
+    await pool.query("ALTER TABLE sales ADD COLUMN IF NOT EXISTS source text");
     await pool.query("ALTER TABLE bank_transactions ADD COLUMN IF NOT EXISTS account_type text");
     await pool.query("ALTER TABLE bank_transactions ADD COLUMN IF NOT EXISTS account_note text");
     await pool.query(`

package/server/db/schema.sql

@@ -87,8 +87,17 @@ CREATE TABLE IF NOT EXISTS sales (
   created_at timestamptz NOT NULL DEFAULT now()
 );
 
--- Migration: Add customer_id column if table exists without it
-ALTER TABLE sales ADD COLUMN IF NOT EXISTS customer_id uuid REFERENCES customers(id) ON DELETE SET NULL;
+-- Integration settings: single row for dynamic Stripe/Paddle credentials
+CREATE TABLE IF NOT EXISTS integration_settings (
+  id int PRIMARY KEY DEFAULT 1 CHECK (id = 1),
+  data jsonb NOT NULL DEFAULT '{}'
+);
+INSERT INTO integration_settings (id, data) VALUES (1, '{}'::jsonb)
+ON CONFLICT (id) DO NOTHING;
+
+-- Migration: Add external sync tracking columns to sales if they don't exist
+ALTER TABLE sales ADD COLUMN IF NOT EXISTS external_id text UNIQUE;
+ALTER TABLE sales ADD COLUMN IF NOT EXISTS source text;
 
 -- Migration: Add file columns to sales if they don't exist
 ALTER TABLE sales ADD COLUMN IF NOT EXISTS file_name text;
@@ -249,3 +258,31 @@ CREATE TABLE IF NOT EXISTS approval_settings (
 );
 INSERT INTO approval_settings (id, enabled, approvers) VALUES (1, false, '[]')
 ON CONFLICT (id) DO NOTHING;
+
+-- Contact account numbers (for bank/ledger reference)
+ALTER TABLE customers ADD COLUMN IF NOT EXISTS account_number text;
+ALTER TABLE suppliers ADD COLUMN IF NOT EXISTS account_number text;
+
+-- Payees table (people/entities we pay: freelancers, refund recipients, etc.)
+CREATE TABLE IF NOT EXISTS payees (
+  id uuid PRIMARY KEY DEFAULT gen_random_uuid(),
+  name text NOT NULL,
+  email text,
+  address text,
+  phone text,
+  vat_number text,
+  company_number text,
+  account_number text,
+  notes text,
+  created_at timestamptz NOT NULL DEFAULT now(),
+  updated_at timestamptz NOT NULL DEFAULT now()
+);
+CREATE INDEX IF NOT EXISTS idx_payees_name ON payees(name);
+
+-- Backfill bank_transaction_id on expenses that were matched via single-expense match
+-- (reconciliation_ref_type = 'expense') so status shows as Paid on the Expenses page
+UPDATE expenses e
+SET bank_transaction_id = bt.id
+FROM bank_transactions bt
+WHERE bt.reconciliation_ref_type = 'expense' AND bt.reconciliation_ref_id = e.id
+  AND e.bank_transaction_id IS NULL AND e.reconciled = true;

package/server/index.js

@@ -14,10 +14,13 @@ const bankRoutes = require('./routes/bank');
 const reconciliationRoutes = require('./routes/reconciliation');
 const invoiceConfigRoutes = require('./routes/invoice-config');
 const approvalSettingsRoutes = require('./routes/approval-settings');
+const integrationsRoutes = require('./routes/integrations');
 const dashboardRoutes = require('./routes/dashboard');
 const customersRoutes = require('./routes/customers');
 const suppliersRoutes = require('./routes/suppliers');
+const payeesRoutes = require('./routes/payees');
 const vatReportsRoutes = require('./routes/vat-reports');
+const webhooksRoutes = require('./routes/webhooks');
 
 const PgSession = connectPgSimple(session);
 const app = express();
@@ -25,6 +28,9 @@ const app = express();
 // Required when behind a reverse proxy (Apache/nginx) so cookies and redirects use correct scheme/host
 app.set('trust proxy', 1);
 
+// Mount webhooks before generic JSON parsing because Stripe requires raw body
+app.use('/api/webhooks', webhooksRoutes);
+
 app.use(cookieParser());
 app.use(express.json());
 
@@ -61,6 +67,7 @@ app.use(
 );
 
 app.use('/api/auth', authRoutes);
+app.use('/api/public', require('./routes/public'));
 app.use('/api/expenses', requireAuth, expensesRoutes);
 app.use('/api/expense-categories', requireAuth, expenseCategoriesRoutes);
 app.use('/api/sales', requireAuth, salesRoutes);
@@ -68,31 +75,31 @@ app.use('/api/bank-transactions', requireAuth, bankRoutes);
 app.use('/api/reconciliation', requireAuth, reconciliationRoutes);
 app.use('/api/invoice-config', requireAuth, invoiceConfigRoutes);
 app.use('/api/approval-settings', approvalSettingsRoutes);
+app.use('/api/integrations', requireAuth, integrationsRoutes);
 app.use('/api/dashboard', requireAuth, dashboardRoutes);
 app.use('/api/customers', requireAuth, customersRoutes);
 app.use('/api/suppliers', requireAuth, suppliersRoutes);
+app.use('/api/payees', requireAuth, payeesRoutes);
 app.use('/api/reports/vat', requireAuth, vatReportsRoutes);
 
-const adminRoot = path.join(__dirname, '..', 'admin');
+const adminRoot = path.join(__dirname, '..', 'frontend', 'dist');
+
+// Serve static assets first so JS/CSS load without going through auth (avoids MIME type errors)
+app.use(express.static(adminRoot));
 
+// Redirect unauthenticated users to login only for page requests (not for /assets/*, etc.)
 function serveLoginIfNeeded(req, res, next) {
-  if (req.path !== '/login' && req.path !== '/login.html' && !req.session?.userId) {
+  if (req.path !== '/login' && !req.session?.userId) {
     return res.redirect('/login');
   }
   next();
 }
 
-app.get('/login', (req, res) => {
-  if (req.session && req.session.userId) {
-    return res.redirect('/');
-  }
-  res.sendFile(path.join(adminRoot, 'login.html'));
-});
-
 app.use(serveLoginIfNeeded);
-app.use(express.static(adminRoot, { index: 'app.html' }));
-app.get('/', (req, res) => {
-  res.sendFile(path.join(adminRoot, 'app.html'));
+
+// All unknown routes (except /api) should fall back to index.html for React Router
+app.get('*', (req, res) => {
+  res.sendFile(path.join(adminRoot, 'index.html'));
 });
 
 const PORT = parseInt(process.env.PORT || '3000', 10);